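POC details: 8948fa83f42ec48b641430f403eece39882a0e7e

Source
Related vulnerability
Title: Joomla security vulnerability (CVE-2023-23752)
Description: Joomla is an open-source, cross-platform content management system (CMS) developed with PHP and MySQL by the Open Source Matters team in the United States. Joomla versions 4.0.0 through 4.2.7 contain a security vulnerability caused by an improper access check, which allows unauthorized access to web service endpoints.
Description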
This Python implementation serves an educational purpose by demonstrating the exploitation of CVE-2023-23752. The code provides insight into the vulnerability's exploitation.
Introduction
# Joomla-CVE-2023-23752
This Python implementation serves an educational purpose by illustrating the exploitation of CVE-2023-23752. The code offers insight into how the vulnerability can be exploited.

## Table of Contents

- [About](#about)
- [Installation](#installation)
- [Usage](#usage)
- [Contributing](#contributing)
- [Vulnerable Environment Deployment](#vulnerable-environment-deployment)
- [Credits](#credits)
- [License](#license)
- [Disclaimer](#disclaimer)

## About

This project showcases a Python implementation aimed at demonstrating the CVE-2023-23752 Information Disclosure Vulnerability. It includes a `docker-compose.yml` file to streamline setup and execution, which makes it convenient for demonstrating or testing the Proof of Concept.


## Installation

To run the exploit.py file, download the project files and run the following command to install the necessary dependencies:
```
pip install -r requirements.txt
```


### Prerequisites

- termcolor version 1.1.0
- requests version 2.31.0

## Usage
To use the exploit.py file, run it with the target URL as its argument. To disable colored output, pass the `--no-color` option.
```
python exploit.py http://target_url.com:port
```
![Usage example](resources/usage_example.png "Proof of Concept")


## Contributing

Explain how others can contribute to your project. Whether it's bug reporting, feature requests, or code contributions, outline guidelines for potential contributors.

### Code Contribution

1. Fork the repository
2. Create a new branch (`git checkout -b feature`)
3. Make changes, commit them, and push to the branch (`git push origin feature`)
4. Create a pull request

## Vulnerable Environment Deployment

v4.2.7

```
docker-compose up --build
```

Then reach the installation page http://127.0.0.1:4242/installation/index.php.

Complete the installation (db credentials are `root` / MYSQL_ROOT_PASSWORD (cf. `docker-compose.yml`) and host is `mysql` not localhost).

**Warning**: This setup is not suitable for production use.

## Credits 

- [Noraj (Alexandre Zanni)](https://github.com/Acceis/exploit-CVE-2023-23752): This project drew inspiration from Noraj's implementation in Ruby, which served as a foundational reference for this project.
- [Hacktricks](https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/joomla): A lot of the information about the possibilities of this vulnerability was researched on this website.

## License

This project is licensed under the [MIT License](LICENSE).

## Disclaimer
This software is intended for knowledge and awareness purposes only. I do not endorse, encourage, or support any illegal or unauthorized use of this software. Any actions taken by users with this software that violate the law or infringe upon the rights of others are strictly prohibited. Users are solely responsible for ensuring that their use of this software complies with all applicable laws and regulations. I shall not be held liable for any misuse or illegal activities carried out with this software.
File snapshot

```
[4.0K] /data/pocs/8948fa83f42ec48b641430f403eece39882a0e7e
├── [ 394] docker-compose.yml
├── [2.5K] exploit.py
├── [1.0K] LICENSE
├── [3.0K] README.md
├── [  33] requirements.txt
└── [4.0K] resources
    └── [ 29K] usage_example.png

1 directory, 6 files
```